Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue.
http://downloads.avaya.com/css/P8/documents/100133195
http://www.mandriva.com/security/advisories?name=MDVSA-2011:041
http://www.mozilla.org/security/announce/2011/mfsa2011-04.html
http://www.securityfocus.com/bid/46648
https://bugzilla.mozilla.org/show_bug.cgi?id=615657
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14018